Adding upstream version 6.7.12.upstream/6.7.12

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 18:47:48 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 18:47:48 +0000
commit: a1865fbd182b17f2d2f465f557af5b45501c5f1c (patch)
tree: 59da519ef2e59c763bb8efdbe67bc348cf833767 /net/netfilter/nft_ct.c
parent: Adding upstream version 6.7.9. (diff)
download: linux-a1865fbd182b17f2d2f465f557af5b45501c5f1c.tar.xz
linux-a1865fbd182b17f2d2f465f557af5b45501c5f1c.zip
1 files changed, 5 insertions, 6 deletions
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index bfd3e5a14..255640013 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -1256,14 +1256,13 @@ static int nft_ct_expect_obj_init(const struct nft_ctx *ctx,
 	switch (priv->l3num) {
 	case NFPROTO_IPV4:
 	case NFPROTO_IPV6:
-		if (priv->l3num != ctx->family)
-			return -EINVAL;
+		if (priv->l3num == ctx->family || ctx->family == NFPROTO_INET)
+			break;
 
-		fallthrough;
-	case NFPROTO_INET:
-		break;
+		return -EINVAL;
+	case NFPROTO_INET: /* tuple.src.l3num supports NFPROTO_IPV4/6 only */
 	default:
-		return -EOPNOTSUPP;
+		return -EAFNOSUPPORT;
 	}
 
 	priv->l4proto = nla_get_u8(tb[NFTA_CT_EXPECT_L4PROTO]);
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-18 18:47:48 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-18 18:47:48 +0000
commit	a1865fbd182b17f2d2f465f557af5b45501c5f1c (patch)
tree	59da519ef2e59c763bb8efdbe67bc348cf833767 /net/netfilter/nft_ct.c
parent	Adding upstream version 6.7.9. (diff)
download	linux-a1865fbd182b17f2d2f465f557af5b45501c5f1c.tar.xz linux-a1865fbd182b17f2d2f465f557af5b45501c5f1c.zip